Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2023
CVE-2022-4118
The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users
CVSS Score
9.8
EPSS Score
0.005
Published
2023-05-08
CVE-2023-0267
The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-08
CVE-2022-45812
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-05-08
CVE-2023-25052
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-08
CVE-2023-25452
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-08
CVE-2023-28169
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-05-08
CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
CVSS Score
8.8
EPSS Score
0.019
Published
2023-05-08
CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.
CVSS Score
8.8
EPSS Score
0.014
Published
2023-05-08
CVE-2023-2575
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request.
CVSS Score
8.8
EPSS Score
0.024
Published
2023-05-08
CVE-2022-46799
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-05-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved